core: default tee_otp_get_die_id() based on HUK

Changes the default weak tee_otp_get_die_id() implementation to use huk_subkey_derive() to derive a unique die ID based on the hardware unique key. Note that the SSK derivation retains backwards compatibility if CFG_CORE_HUK_SUBKEY_COMPAT is set to 'y' and tee_otp_get_die_id() wasn't replaced with a platform specific implementation. Reviewed-by: Joakim Bech <[email protected]> Signed-off-by: Jens Wiklander <[email protected]>
vingu-linaro · Apr 30, 2019 · fda7837 · fda7837
1 parent 9cc10bc
commit fda7837
Showing 1 changed file with 3 additions and 5 deletions.
diff --git a/core/arch/arm/kernel/otp_stubs.c b/core/arch/arm/kernel/otp_stubs.c
@@ -5,6 +5,7 @@
 
 #include <inttypes.h>
 #include <kernel/tee_common_otp.h>
+#include <kernel/huk_subkey.h>
 
 /*
  * Override these in your platform code to really fetch device-unique
@@ -21,11 +22,8 @@ __weak TEE_Result tee_otp_get_hw_unique_key(struct tee_hw_unique_key *hwkey)
 
 __weak int tee_otp_get_die_id(uint8_t *buffer, size_t len)
 {
-	static const char pattern[4] = { 'B', 'E', 'E', 'F' };
-	size_t i;
-
-	for (i = 0; i < len; i++)
-		buffer[i] = pattern[i % 4];
+	if (huk_subkey_derive(HUK_SUBKEY_DIE_ID, NULL, 0, buffer, len))
+		return -1;
 
 	return 0;
 }